[Ilugc] Safe execution of binary programs
Sridhar R
sridharinfinity at gmail.com
Sun Jul 25 17:28:17 IST 2004
Sivasankar Chander <siva at dias.ath.cx> wrote:
> > Is there any way to execute programs (compiled from untrusted C/C++
> > source file) in safe way ?
> >
> > * The program may use 'signal' system call to kill all other user
> > processes. This shoudn't be allowed
> > * The program shoudn't be allowed to use n/w
> > * Resources should be limited ('ulimit' comes here)
> > * .. anything I missed.
> >
> Execute it in a chroot jail as an unprivileged (non-root) user. Better
> still, run it in a virtual machine like plex86/vmware with a minimal
> userland.
Running it in VM is not appropriate and possible for my application.
But how could running chroot jail prevent calling system calls like
signal (by which the program can easily kill processes).
PS: Actually I am trying to write a (python) program that will execute
binaries safely.
--
Sridhar - http://www.cs.annauniv.edu/~rsridhar
Blog: http://www.livejournal.com/users/sridharinfinity
More information about the ilugc
mailing list